Actually I haven't used the desktop for two days except for checking email/news. This morning everything was fine. After work (about 3 hours ago) it started its destruction (I can see the datestamp on photos/documents), and so far I have found the file dectryptor.exe, which showed up with the same datestamp as the first encrypted files (unfortunately Norton NPE removed it when I did a scan in Safe Mode; I am trying to recover it).

Also, in msconfig I found an "einfo" process starting from my documents that disappeared after I manually disabled it from running.

The submitted file is definitely the decrypter. I can tell it uses AES-128, and uses a 16-character password, but we'll need the malware itself to analyze for any possibly exploitable weaknesses. See if you can try tracing your steps; I'm assuming it must be a download from a website. It seems too unsophisticated to be spread via exploit kit, so it must be something you recently downloaded and ran, or received from an email.